RE: Discovering network subnets

From: Timothy Dillman (info@globaldataconsulting.com)
Date: Sun Aug 21 2005 - 12:20:48 EDT


 
Hannibal,

What indication do you have that the X.X.X.0/24 is a host address? Does it
fall between 2-254? The output you shared only tells us how the network is
subnetted.

Also, classful addressing was done away with several years ago. The class
A, B, C, etc. hierarchy was replaced with something called Classless
Inter-Domain Routing (CIDR). CIDR allows subnetting bit by bit rather than
by full octet blocks.

If your output lists an IP address followed by a slash twenty-four (/24)
your subnet mask is 255.255.255.0. Assuming the network isn't further
subnetted within the /24, your network address will be X.X.X.1 and your
broadcast address will be X.X.X.255 leaving X.X.X.2-254 as valid host
addresses. X.X.X.0/24 is merely the address range you are dealing with.

Good Luck,
Tim Dillman - CCE, CCNA
Global Data Consulting, LLC
9901 N. Hedges Ave.
Kansas City, MO. 64157
o:(816)841-2511
c:(816)519-2366
f:(816)841-2598
info@globaldataconsulting.com

-----Original Message-----
From: Payton, Zack [mailto:Zack.Payton@MWAA.com]
Sent: Saturday, August 20, 2005 5:35 PM
To: hannibal blog; pen-test@securityfocus.com
Subject: RE: Discovering network subnets

Most likely it's not a /24 but some kind of larger network like a /23 for
example.

For example:
10.0.0.0/23 ranges from 10.0.0.0 - 10.0.1.255 making 10.0.1.0 a completely
valid address.

As far as figuring out the topology map where are you in relation to the
network?
If you're on the broadcast domain use DHCP or a sniffer to listen for
broadcast packets.
If not... See if you can query network devices using SNMP... It's pretty
trivial to figure out packet signatures for Cisco and Juniper routers and
then brute force SNMP. Using DHCP relay sometimes works. ICMP Address mask
requests if they're not behind a firewall which they don't appear to be if
X windows is exposed to the internet. If it's not a private network just
use traceroute.org's route servers.... If you're in the same AS it may be
possible to form a routing adjacency with the IGP using FX's virtual router
attack kit...

Who knows?
Z
 

-----Original Message-----
From: hannibal blog [mailto:hannibalsec@gmail.com]
Sent: Saturday, August 20, 2005 7:07 AM
To: pen-test@securityfocus.com
Subject: Discovering network subnets

hello list

I'm actually doing a blackbox audit of a network, and I'm trying to discover
network architecture.

I got this output with nmap X.X.X.0/24

interresting ports on X.X.X.0
68/tcp
723/tcp
6000/tcp

I'm not sure the network is a C class one, but I'm surprised that such an IP
address is a host IP.
What do you think?
Any idea to guess network addressing map?

------------------------------------------------------------------------
------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN
by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity thefts
and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
------------------------------------------------------------------------
-------
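
The prefix arithmetic discussed in this thread, as an added example that is
not part of any of the original messages: it computes the network,
broadcast and usable host range of a prefix, and finds the longest prefix
under which an observed address can be an ordinary host. The function names
are hypothetical; 10.0.0.0/23 and 10.0.1.0 are the values from the thread.

```python
import ipaddress


def describe(cidr):
    """Network, broadcast and usable host range of an IPv4 prefix (/30 or shorter)."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4 or net.prefixlen > 30:
        raise ValueError("expects an IPv4 prefix of /30 or shorter")
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
    }


def role(addr, prefixlen):
    """Classify addr within its enclosing /prefixlen: network, broadcast or host."""
    ip = ipaddress.ip_address(addr)
    net = ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
    if ip == net.network_address:
        return "network"
    if ip == net.broadcast_address:
        return "broadcast"
    return "host"


def longest_host_prefix(addr):
    """Longest prefix length (1..30) at which addr is a usable host address.

    If addr really is an ordinary host, the subnet mask is this length or
    shorter. /31 and /32 links are deliberately left out of the search.
    """
    for plen in range(30, 0, -1):
        if role(addr, plen) == "host":
            return plen
    return None


if __name__ == "__main__":
    print(describe("10.0.0.0/23"))
    for plen in (24, 23):
        print(f"10.0.1.0 in /{plen}: {role('10.0.1.0', plen)}")
    print("longest prefix with 10.0.1.0 as host:", longest_host_prefix("10.0.1.0"))
```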





This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:46 EDT